clearbluejar

Ghidra Python Paleontology

30 September 2022 at 02:51
TL;DR - This post walks through the process of creating a headless Ghidra Python VScode template. This is not the recommended setup, since Ghidra's official scripting language is Java and its supported IDE is Eclipse, but we will give it a go. The process involved "digging up" the Ghidra Python scripting landscape and understanding what was possible. The lessons learned are captured in the VScode template ghi...

Introducing CVE North Stars

30 August 2022 at 10:48
TL;DR - CVE North Stars is a tutorial that introduces a method to kickstart vulnerability research by treating CVEs as North Stars in vulnerability discovery and comprehension. Background This post introduces CVE North Stars, a tutorial I started writing back in 2020 (v1.0.0) when attempting to learn methods of vulnerability research. At the time, I observed several examples of others usi...

From NtObjectManager to PetitPotam

24 June 2022 at 03:46
TL;DR - Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls. I was inspired by From RpcView to PetitPotam from @itm4n, an excellent post that taught me how to use RpcView to discover the RPC interfaces and in pa...

A Survey of Windows RPC Discovery Tools

2 June 2022 at 05:11
TL;DR - A survey of Windows Remote Procedure Call discovery tools and an attempt to understand how open source tools discover RPC servers, interfaces, and procedures. Windows RPC has been a black box for me for some time. This post is an attempt to leverage analysis of open source RPC tools to pry open that box. I started by reading MSDN, getting bored and then bouncing between several detailed ...

Mining Google Chrome CVE data

17 May 2022 at 20:38
TL;DR - The Google Chrome Releases blog provides CVE data one-liners containing all the information needed to create a rich CVE data source. Google Chrome CVEs are plentiful and provide information for understanding Google Chrome security trends. Using the information available, I was able to create an enriched CVE data source to enhance the CVE Markdown Charts Github project. CVE Data Sou...
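As an added example of the mining described above (this is not code from the clearbluejar blog or from the CVE Markdown Charts project), the parser below turns Chrome Releases security-fix one-liners into structured records and rolls them up by severity, component and bounty. The line layout it expects, `[$bounty][crbug] Severity CVE-ID: description. Reported by X on YYYY-MM-DD`, is an assumption based on the convention used on the Chrome Releases blog, and the sample post text, CVE IDs, bug IDs and reporter names are constructed for the example.

```python
"""Parse Chrome Releases blog security one-liners into structured CVE records.

Added example; not code from the clearbluejar blog or CVE Markdown Charts.
The one-liner layout is an assumption based on the Chrome Releases blog
convention, and all sample data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed layout of one security-fix line (tokens in the order the blog prints them):
#   [$<bounty>][<crbug id>] <Severity> CVE-YYYY-NNNN: <description>. Reported by <name> on YYYY-MM-DD
# The bounty may be an amount, "TBD" or "N/A"; the "Reported by ... on ..." tail is sometimes absent.
LINE_RE = re.compile(
    r"^\[\$(?P<bounty>[^\]]*)\]\[(?P<bug>\d+)\]\s+"
    r"(?P<severity>Critical|High|Medium|Low)\s+"
    r"(?P<cve>CVE-\d{4}-\d{4,})\s*:\s*"
    r"(?P<desc>.+?)\.?"
    r"(?:\s+Reported by\s+(?P<reporter>.+?)\s+on\s+(?P<date>\d{4}-\d{2}-\d{2}))?\s*$"
)


@dataclass
class ChromeCve:
    cve: str
    severity: str
    bug_id: int
    bounty: Optional[int]        # None when the blog prints TBD or N/A
    description: str
    component: Optional[str]     # trailing "in <component>" of the description, if any
    reporter: Optional[str]
    reported_on: Optional[str]


def parse_bounty(raw: str) -> Optional[int]:
    """Return the bounty as an integer, or None for non-numeric placeholders."""
    raw = raw.strip().replace(",", "")
    return int(raw) if raw.isdigit() else None


def parse_component(desc: str) -> Optional[str]:
    """Pull the affected component from descriptions like 'Use after free in Skia'."""
    m = re.search(r"\bin\s+(.+)$", desc)
    return m.group(1).strip() if m else None


def parse_line(line: str) -> Optional[ChromeCve]:
    """Parse one security-fix line; return None for non-matching (prose) lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    desc = m.group("desc").rstrip(".")
    return ChromeCve(
        cve=m.group("cve"),
        severity=m.group("severity"),
        bug_id=int(m.group("bug")),
        bounty=parse_bounty(m.group("bounty")),
        description=desc,
        component=parse_component(desc),
        reporter=m.group("reporter"),
        reported_on=m.group("date"),
    )


def parse_release_notes(text: str) -> List[ChromeCve]:
    """Extract every parseable CVE line from a release-notes post body."""
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]


def summarize(records: List[ChromeCve]) -> Dict[str, object]:
    """Roll records up into the counts a trend chart would be built from."""
    by_sev: Dict[str, int] = {}
    by_comp: Dict[str, int] = {}
    paid = 0
    for r in records:
        by_sev[r.severity] = by_sev.get(r.severity, 0) + 1
        if r.component:
            by_comp[r.component] = by_comp.get(r.component, 0) + 1
        paid += r.bounty or 0
    return {"by_severity": by_sev, "by_component": by_comp, "bounties_paid": paid}


# Constructed sample post body; CVE IDs, bug IDs and names are placeholders, not real entries.
SAMPLE_POST = """\
This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers.

[$7500][1300000] High CVE-2022-99901: Use after free in Sharesheet. Reported by Example Researcher on 2022-04-01
[$TBD][1300001] High CVE-2022-99902: Heap buffer overflow in Skia. Reported by Another Researcher on 2022-04-03
[$N/A][1300002] Medium CVE-2022-99903: Inappropriate implementation in WebGPU.
[$3000][1300003] Low CVE-2022-99904: Insufficient policy enforcement in DevTools. Reported by Third Researcher on 2022-03-30
"""

if __name__ == "__main__":
    recs = parse_release_notes(SAMPLE_POST)
    for r in recs:
        print(r)
    print(summarize(recs))
```

The regex deliberately makes the bounty non-numeric-tolerant and the reporter tail optional, because those are the two places the blog's lines vary most; a line that does not fit the layout is dropped rather than guessed at, so a format change on the blog shows up as missing records instead of silently wrong ones.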

Introducing CVE Markdown Charts - Part 1

19 March 2022 at 21:56
TL;DR - CVE Markdown Charts - Your InfoSec reports will now write themselves… After writing several InfoSec reports and researching CVEs, I discovered a means to create dynamic charts that help readers and myself understand various CVE relationships and their implications. Say hello to CVE Markdown Charts, or at least its first iteration (v0.1.0). CVE, as in Common Vulnerabilities and Expo...